This guide will show you how to install and configure a WireGuard VPN on Ubuntu 24.04|22.04 system.
WireGuard is an IPv4 and IPv6 connection-compatible lightweight virtual private network (VPN).
Using a VPN enables you to navigate public networks as though you were on a private network.
When using your laptop or smartphone to connect to an unsecured network, such as the WiFi at a hotel or coffee shop, it provides you the flexibility to use the internet safely and securely.
Although WireGuard was primarily developed for the Linux kernel, it quickly became popular with users of Windows and MacOS.
1. Install WireGuard VPN on Ubuntu 24.04|22.04
Firstly, before we begin to install Wireguard VPN on Ubuntu, you need to update your system using the command below;
sudo apt update
Next, If your machine doesn’t already have IPTABLES, install it.
sudo apt-get install iptables -y
To install Wireguard run the command on your Ubuntu 24.04|22.04;
sudo apt-get install wireguard -y
Sample output;
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
wireguard-tools
Suggested packages:
openresolv | resolvconf
The following NEW packages will be installed:
wireguard wireguard-tools
0 upgraded, 2 newly installed, 0 to remove and 109 not upgraded.
Need to get 90.0 kB of archives.
After this operation, 345 kB of additional disk space will be used.
Get:1 http://ke.archive.ubuntu.com/ubuntu jammy/main amd64 wireguard-tools amd64 1.0.20210914-1ubuntu2 [86.9 kB]
Get:2 http://ke.archive.ubuntu.com/ubuntu jammy/universe amd64 wireguard all 1.0.20210914-1ubuntu2 [3,114 B]
Fetched 90.0 kB in 5s (17.2 kB/s)
Selecting previously unselected package wireguard-tools.
(RUnpacking wireguard (1.0.20210914-1ubuntu2) ...
Setting up wireguard-tools (1.0.20210914-1ubuntu2) ...
wg-quick.target is a disabled or a static unit not running, not starting it.
Setting up wireguard (1.0.20210914-1ubuntu2) ...
Processing triggers for man-db (2.10.2-1) ...
Reading database ... 195624 files and directories currently installed.)
2. Configure WireGuard on Ubuntu 24.04|22.04
Then execute the following command to generate both a public and a private key.
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey
Now check to see if both keys were generated using the below command.
$ sudo ls /etc/wireguard
privatekey publickey
Use the following commands to see the contents of both the private key and the public key.
sudo cat /etc/wireguard/privatekey
sudo cat /etc/wireguard/publickey
The keys are generated and saved in the location /etc/wireguard. The next step is to create a network configuration.
$ sudo vim /etc/wireguard/wg0.conf
[Interface]
Address = 10.10.10.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = <SERVER-PRIVATE-KEY>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Substitute the values for the server’s private key for “SERVER-PRIVATE-KEY“.
Set the wireguard configuration files’ permissions appropriately.
sudo chmod 600 /etc/wireguard/{privatekey,wg0.conf}
Run the following command to launch the wireguard interface Wgo.
sudo wg-quick up wg0
Output;
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.10.10.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
If your system has a firewall, use the command below to allow port 51820.
$ sudo ufw allow 51820/udp
Rules updated
Rules updated (v6)
3. Starting the WireGuard Server
Enable WireGuard VPN so that it launches at startup.
Use the command below;
sudo systemctl enable wg-quick@wg0
Start WireGuard VPN
sudo systemctl start [email protected]
With the following command, double-check that the WireGuard service is active.
The output should show active (running).
systemctl status [email protected]
Output;
● [email protected] - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/lib/systemd/system/[email protected]; enabled; vendor pre>
Active: active (exited) since Wed 2022-11-23 09:48:15 EAT; 5min ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 845 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCC>
Main PID: 845 (code=exited, status=0/SUCCESS)
CPU: 85ms
4. Enable IP forwarding
In the /etc/sysctl.conf file, uncomment the line that reads “net.ipv4.ip forward=1“.You can choose your best editor.
sudo vi /etc/sysctl.conf
Uncomment line;
net.ipv4.ip_forward=1
Make changes by using the command:
sudo sysctl -p
That’s all about the installation of Wireguard VPN.
Conclusion
You’ve made it to the end of the article. You have now learned how to set up WireGuard VPN on Ubuntu 24.04|22.04.
Read more about WireGuard VPN
Other manual guides to check: